https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174945#M77459 <HTML><HEAD></HEAD><BODY><P>Take a look also to this discussion:</P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Intrusion%20Prevention%20Systems/IDS&amp;topicID=.ee6e1fc&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd25dcc" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Intrusion%20Prevention%20Systems/IDS&amp;topicID=.ee6e1fc&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd25dcc</A></P></BODY></HTML> Thu, 26 Mar 2009 09:47:51 GMT rjaaouan 2009-03-26T09:47:51Z https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174943#M77457 <P>Is there a Cisco best practice for downloading IPS signature updates?, any documentation on this?, also how often are updates released?</P> Sun, 10 Mar 2019 11:33:57 GMT https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174943#M77457 networker99 2019-03-10T11:33:57Z https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174944#M77458 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>to know all new Signature update, you can subsribe a <A href="mailto:ips-news@cisco.com">ips-news@cisco.com</A> distr list. You will revieve an email with all new Signature...</P><P></P><P>they will send you an email as soon as an update is availble, lik ethis: </P><P></P><P> 1. Announcing the S387 Signature Update for IPS</P><P></P><P>The S387 signature update contains the following new signatures:</P><P></P><P>PLATFORM SIGID SIGNAME ENGINE SEVERITY ENABLED</P><P>5.x,6.x 6147.0 RealPlayer RealMedia Security Bypass string-tcp high false</P><P>5.x,6.x 6733.0 CA BrightStor ARCServe Backup LGServer Arbitrary File Upload string-tcp high false</P><P>5.x,6.x 6297.0 RealPlayer ActiveX Import Method Buffer Overflow meta high true</P><P></P><P>till now you need to download the signature on your compter, the upload it, or use an Autoupdate feature with the IDM.</P><P></P><P>I think Signatures are released, when there is new attack or weakness..., but you can use Anomaly Detection to detect any suspected behavior: Zero-Day detection.</P><P></P><P>Cheers</P><P>Reda</P></BODY></HTML> Thu, 26 Mar 2009 09:17:30 GMT https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174944#M77458 rjaaouan 2009-03-26T09:17:30Z https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174945#M77459 <HTML><HEAD></HEAD><BODY><P>Take a look also to this discussion:</P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Intrusion%20Prevention%20Systems/IDS&amp;topicID=.ee6e1fc&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd25dcc" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=Intrusion%20Prevention%20Systems/IDS&amp;topicID=.ee6e1fc&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd25dcc</A></P></BODY></HTML> Thu, 26 Mar 2009 09:47:51 GMT https://community.cisco.com/t5/network-security/ips-signature-updates/m-p/1174945#M77459 rjaaouan 2009-03-26T09:47:51Z